Skip to content

Hacia una defensa proactiva contra amenazas en aplicaciones móviles

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a standard security measure to protect IT systems from bots and other automated attacks. It presents a challenge to the end-user which cannot be solved by computers and distinguishes a genuine human from a computer by checking if the answer is correct or not. Its existence discourages the adversary to execute simple brute-force and dictionary attacks but also deteriorates user experience at the same time.


Unlike CAPTCHA, Verimatrix envisions a ‘friendly security design’ through its Extended Threat Defense (XTD) product line. Verimatrix XTD equips the mobile apps with smart sensing and actuating capabilities against security threats. Mobile apps can autonomously detect the threat and contain adversaries instantly without interrupting the ordinary users, who certainly make up the vast majority. This way XTD transforms the traditional passive threat defense strategies to a proactive one.


Adi Shamir’s famous third law of security states that cryptography is typically bypassed, not penetrated. In line with his rule, there are websites which turn people in low-income regions into real-time low-cost CAPTCHA solvers and advertise this service online. If an adversary has the motivation to pay a small fee and tackle the CAPTCHA obstacle, an off-the-shelf solution is already available. This is a good example to show how clever and organized attackers could be and how passive defense strategies are usually defeated.


XTD relies on the fact that an adversary cannot hide all the traces while imitating the ordinary user like Bob from the human resources or Alice from the finance department. Continuous monitoring and assessment of the mobile device and app status gather invaluable intelligence to identify the threat actor which significantly varies from a script kiddie to criminal groups backed by rogue states. Many known adversary techniques (e.g. Root/Jailbreak, Debugging, Hooking, Tampering) are detected by XTD and it can shed light on unknown exploits in the wild. XTD fulfills the MITRE ATT&CK mobile mitigation techniques Attestation and Deploy Compromised Device Detection Method.


Another notable design consideration of XTD is being able to integrate it into the customers’ product ecosystems with minimal effort. This is a key factor for a security solution to be vastly adopted and plays a significant role in our friendly security approach. For instance, our zero-code technology embeds the App Shield security solution for Android and iOS apps. It means you can transfer our security expertise into your mobile apps and establish an alliance against various threat actors within minutes.


Recently at the Apple Worldwide Developer Conference 2022, Apple announced a new security feature called Private Access Token (PAT) which is going to replace the existing not-so-user-friendly CAPTCHA checks. This new approach is based on an assessment of the user device and account, and it is completely transparent to the end-user. XTD has been built upon similar principles, but it goes deeper to solve a complicated problem of active defense than only blocking bots.


Today, proactive threat defense is not just a nice-to-have, but it is rather a necessity considering the sophistication of the adversary, easy access to tools and complexity of the modern systems. Verimatrix Extended Threat Defense fills

Do you have questions about applications and content security?

Book a call with one of our experts

Want to keep up with Verimatrix news?

Sign up to the newsletter

Recent Posts

Mobile RASP vs Shielding vs In-App Protection

The reward of engaging with a loyal customer base doesn’t come without risk. Hackers, often highly resourced cybercriminal gangs, recognize that mobile apps provide a gateway into the enterprise. As awareness grows about this risk, enterprises are increasingly seeking solutions to secure and protect their mobile apps.

Software Supply Chain Reaction

It’s rare these days to fully know the origins of all your code. It’s perhaps so surprisingly rare that even the most discerning developers typically

5 Misconceptions of Root Detection

Most mobile security architects and app development are aware of the dangers of running their apps on rooted devices (or Jailbroken in iOS terminology). At

Hacia una defensa proactiva contra amenazas en aplicaciones móviles

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a standard security measure to protect IT systems from bots and other…
Want to take a deep dive?

Connect with us

This site is registered on as a development site.